Channel: Directory Services forum
Viewing all 31638 articles

Windows Server 2012 Error: MMC has detected an error in a snap-in. It is recommended that you shut down and restart MMC.


When I try to add a group policy for Windows Server 2012 R2 under the Domain Controller=>Default Domain Controller Policy, the pop up window works fine. When I try to go to Computer Configuration Policy=>Windows Settings=>Security Settings, as soon as I hit the Security Setting tab=> I get the following error for the Wired Network Policy Management

"MMC has detected an error in a snap-in. It is recommended that you shut down and restart MMC."


DNS Error?


Looking for some help here.  Mentally fried after trying to figure this out.

Overview of our servers

PDC - purple2

ops2 - DC\DHCP

NTMX2 - old mail server, DC and backup for AD

Below are the results of the "DCDIAG" command on the server "Ops2"

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ops2
   The GUID based DNS Name resolved to several IPs (::1, 172.16.10.8), but not all were pingable. Replication and other operations may fail if a
   non-pingable IP is chosen. The first pingable IP is 172.16.10.8.
   [ops2] Directory Binding Error 5:
   Access is denied.
   This may limit some of the tests that can be performed.
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Central\OPS2
      Starting test: Connectivity
         ......................... OPS2 passed test Connectivity

Doing primary tests

   Testing server: Central\OPS2
      Starting test: Advertising
         ......................... OPS2 passed test Advertising
      Starting test: FrsEvent
         ......................... OPS2 passed test FrsEvent
      Starting test: DFSREvent
         The event log DFS Replication on server ops2.wallenpaupack.org could not be queried, error 0x5 "Access is denied."
         ......................... OPS2 failed test DFSREvent
      Starting test: SysVolCheck
         ......................... OPS2 passed test SysVolCheck
      Starting test: KccEvent
         The event log Directory Service on server ops2.wallenpaupack.org could not be queried, error 0x5 "Access is denied."
         ......................... OPS2 failed test KccEvent
      Starting test: KnowsOfRoleHolders
         [PURPLE2] DsBindWithSpnEx() failed with error -2146893022,
         The target principal name is incorrect..
         Warning: PURPLE2 is the Schema Owner, but is not responding to DS RPC Bind.
         [PURPLE2] LDAP bind failed with error 8341,
         A directory service error has occurred..
         Warning: PURPLE2 is the Schema Owner, but is not responding to LDAP Bind.
         Warning: PURPLE2 is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: PURPLE2 is the Domain Owner, but is not responding to LDAP Bind.
         Warning: PURPLE2 is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: PURPLE2 is the PDC Owner, but is not responding to LDAP Bind.
         Warning: PURPLE2 is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: PURPLE2 is the Rid Owner, but is not responding to LDAP Bind.
         Warning: PURPLE2 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: PURPLE2 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... OPS2 failed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... OPS2 passed test MachineAccount
      Starting test: NCSecDesc
         ......................... OPS2 passed test NCSecDesc
      Starting test: NetLogons
         ......................... OPS2 passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... OPS2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,OPS2] A recent replication attempt failed:
            From PURPLE2 to OPS2
            Naming Context: DC=ForestDnsZones,DC=wallenpaupack,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2019-07-09 15:57:41.
            The last success occurred at 2019-05-23 11:35:10.
            128 failures have occurred since the last success.
         [Replications Check,OPS2] A recent replication attempt failed:
            From PURPLE2 to OPS2
            Naming Context: DC=DomainDnsZones,DC=wallenpaupack,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2019-07-09 15:57:41.
            The last success occurred at 2019-05-23 11:35:10.
            128 failures have occurred since the last success.
         [Replications Check,OPS2] A recent replication attempt failed:
            From PURPLE2 to OPS2
            Naming Context: CN=Schema,CN=Configuration,DC=wallenpaupack,DC=org
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-07-09 15:57:41.
            The last success occurred at 2019-05-23 11:35:10.
            129 failures have occurred since the last success.
         [Replications Check,OPS2] A recent replication attempt failed:
            From PURPLE2 to OPS2
            Naming Context: CN=Configuration,DC=wallenpaupack,DC=org
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-07-09 15:57:41.
            The last success occurred at 2019-05-23 11:35:10.
            128 failures have occurred since the last success.
         [Replications Check,OPS2] A recent replication attempt failed:
            From PURPLE2 to OPS2
            Naming Context: DC=wallenpaupack,DC=org
            The replication generated an error (-2146893022):
            The target principal name is incorrect.
            The failure occurred at 2019-07-09 15:57:41.
            The last success occurred at 2019-05-23 11:35:09.
            128 failures have occurred since the last success.
         ......................... OPS2 failed test Replications
      Starting test: RidManager
         ......................... OPS2 failed test RidManager
      Starting test: Services
         ......................... OPS2 passed test Services
      Starting test: SystemLog
         The event log System on server ops2.wallenpaupack.org could not be queried, error 0x5 "Access is denied."
         ......................... OPS2 failed test SystemLog
      Starting test: VerifyReferences
         ......................... OPS2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : wallenpaupack
      Starting test: CheckSDRefDom
         ......................... wallenpaupack passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... wallenpaupack passed test CrossRefValidation

   Running enterprise tests on : wallenpaupack.org
      Starting test: LocatorCheck
         ......................... wallenpaupack.org passed test LocatorCheck
      Starting test: Intersite
         ......................... wallenpaupack.org passed test Intersite

Desktop Icons disappearing from AD users' shared Desktop


Hello! I am quite new to AD. I got introduced to an already set up domain (the IT guy who set it up, left) controller and we have been having issues with some users under a certain GPO.

We are using folder forwarding for a group of users so they share the same desktop icons. Sometimes, some icons disappear on their own, then they come back. Nobody is deleting anything from their desktop so I don't know what this could be.

Can it be the connection to the server lagging or something; or maybe a virus?

Thanks in advance.



Domain Controllers unresponsive - network issue

We have recently faced a very strange issue where all of our Windows 2008 R2 domain controllers were not authenticating clients. Upon investigating, we found that we cannot ping any of the domain controllers and are getting request time from all domain controllers. We have 2 sites. Site A has 1 physical DC with all FSMO roles and 1 virtual DC running on Hyper-V. Site B has 2 DCs running on a Hyper-V host. During this issue we were able to ping other VMs running on the same host. All 3 DC VMs and 1 physical DC weren't responding. We rebooted both the physical and virtual domain controllers, but the issue reappeared after 3 to 4 minutes. Then we rebooted them again, but before that we unplugged the Ethernet cable from the physical server and disabled the virtual NIC from the VM. After that all were working perfectly. We couldn't find the cause of why it happened. We are using Trend Micro endpoint security. Scanned all 4 DCs but it couldn't find anything. Event logs were showing errors of ADWS 1206 and other directory services and DNS errors. How can we find the root cause of this issue and avoid this happening again?

Restricting Access to Important PC in Windows 10 Pro


I have a problem where any Domain Admin can backdoor into another PC on the domain via \\PCNAME\C$

Is there a way to block this type of entry on a PC for security purposes?  Our Directors are requesting that NOBODY can access their system without their knowledge but I have not found a way to block this.  Our IT Engineering group are all Domain Admins.

Enabling proxy settings via GPO


Hello all,

I have been struggling with getting our proxy settings to filter down to user machines over the past week. I have created a new GPO solely for this purpose using the internet options> connections > LAN settings as well as using reg keys to try and enforce it. 

However, upon gpudating, the expected settings do not show in the user machines' internet options. When running gpresult /z I can see the policy is not being blocked and the user is in the correct OU and security groups. If anyone has any pointers that would be great!

DNS Server in DMZ

Hi, we are going to create DNS servers in the DMZ. Should we install ADDS on them or not? If we install ADDS, should it be an RODC or not? Also, if we do not install ADDS on them, what should be the way forward?

PRIMARY DOMAIN CONTROLLER


We have this situation in our IT infrastructure.

We have two domain controllers, DC01 and DC02; both are Windows Server 2008 R2 SP2.


DC01 (Primary Domain)
*Domain Controller (DC)
*DNS
*DHCP
*File Server
*Print server

DC02(Secondary Domain)
*Domain Controller (DC)
*DNS
*DHCP
*File Server
*Print server

We have installed a new DC03 server with OS Windows Server 2012 R2

DC03
*Domain Controller (DC)
*DNS
*DHCP
*File Server
*Print server


We want DC03 (Primary Domain) to become Directory Domain and DC01(Secondary Domain)

Can you help us with what steps we need to take...
What are the steps to change the Primary Domain Controller to another server, "DC03"?


Can you raise functional level incrementally?


We're running at 2008 R2 FL on 2008 R2 DCs. We'd like to migrate to 2016 FL on 2019 DCs.


Is it possible to add 2019 DCs, demote the 2008 DCs, then raise the FL incrementally 2008 R2 -> 2012 R2 -> 2016? Or does that require stepping up the server version as well? We're trying to do as few server migrations as possible.

Unlocking Windows 10 PC takes too long

Hi, we have a strange issue. We have 2 2012 R2 DCs and one 2019 DC; FSMO roles are on the 2019 DC. We configured PCs to be locked after 10 minutes of no input. The clients report that when they want to unlock their PC, it waits at the welcome screen for almost 1 minute and then unlocks the PC.

Clear Security Logs by error


Hello,

In our AD 2016, I accidentally removed the oldest security logs, and the DC is currently not backed up. Is there a way to restore the security logs?

Regards

user profiles roaming deployment


Hi all,

I'm new here and I'm planning to deploy roaming profiles using GPO, and I want to ask:

After I read the Microsoft roaming doc regarding deploying roaming to computers, I want to ask about the msDS-PrimaryComputer attribute. My company has many users divided between departments who work in shifts. My question is: can I assign a distribution group in msDS-PrimaryComputer, and for many computers? For example, on the first computer I assign the HR group in the primary computer attribute, and for the second computer can I also assign the same group (HR group)?

Hope I delivered the idea :)


2016 - Read Only Domain Controller Deleted!!


A problematic domain controller was shutdown to resolve the issue and then deleted from AD, DNS, Sites and Services.  I did not delete it cos I would have dcpromo to remove it if anything but everything seems to be working fine after.

Now I ran repadmin /syncall /AdeP from the DC that holds all the roles and all looks good, no errors seen.

I am trying to attempt to remove the metadata and meeting this error:

C:\>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server DC-02
Binding to DC-02 ...
DsBindWithSpnExW error 0x6ba(The RPC server is unavailable.)
ldap_search for attribute supportedCapabilities failed with 0x59(89 (Parameter Error).
)
server connections:

How can I remove the metadata?  Any links to step by step which I can use and remove this DC-02 via ADSIedit?

Much appreciated!




Promote Azure compute resource to DC in on premise AD


I have an Azure compute resource running Windows Server 2016.  AADDS is already configured, and the Azure server is now a member of the on premise AD.  I need to promote the Azure server to DC in the on premise AD.  The Azure server is not listed as a computer object in the on premise AD, and the server is not listed as a device in the Azure tenant.  Is that a problem, and if so how can both those issues be resolved?  

What is the process for promoting the Azure server to DC in the on premise AD?  Thank you.

Office Online Server not working with IIS ARR


Hi Support,

We have an Office Online Server and it works on the internal network. However, it does not work when a user tries to access it from an external network.

We are using Windows Server 2016 IIS ARR to publish Exchange 2016 and also Office Online Server. Exchange services (owa, autodiscover, activesync, etc.) work fine, but the Office Online services failed.

The rules setting is regular expression ((?:^en-us/|^hosting/|^m/|^o/|^oh/|^op/|^p/|^we/|^wv/|^x/).*). After open the documents, it will show this error:

 

The testing link https://oos.xxxxx.com/hosting/discovery can access normally.

Any ideas?

Best Regards

Chong 

 


Andy Chong


NETLOGON.LOG stopped reporting NO_CLIENT_SITE messages


We have a 2016 Forest/Domain with 4 domain controllers all running Windows 2016. 

Daily all four domain controllers have been reporting NO_CLIENT_SITE messages both within the NETLOGON.LOG/NETLOGON.BAK and System log with EVENTID 5807

Up until last Wednesday 3rd July where they've all stopped doing it. 

The NETLOGON.LOG/NETLOGON.BAK files all have different time stamps varying from 16:15 to 19:12 on the DCs, but that's it; the messages stop. In Event Viewer there are no more reports of ID 5807 either.

I know that we still have missing subnets, as I only got asked to take a look on Friday and have created 94 missing subnets with a further 18 still to do. At this point I paused to go and refresh the data I had and noticed it was at the 3rd timestamp. 

I've tried:

  • Increasing the log file size available.
  • Rebooted all of the DCs (three of which were waiting to apply the June rollup patch, the fourth installed it on the 3rd)
  • Enabled verbose NETLOGON.LOG logging and it was writing to the log but not the NO_CLIENT_SITE messages. 

Any ideas on how I can re-instate these messages? 

Mark

Migration from FRS to DFSR issue


Dear All,

Greetings,

After running Dfsrmig /setglobalstate 1

The following is "Dfsrmig /getmigrationstate" results:

and below is "Dfsrmig /getglobalstate"

kindly, need your help to solve the issue.

Thanks in advance.

Regards,

Faisal

NO Matter What 2way domain trust not working !!


I am merging two educational establishment domains.

I have 2 domains, d.edu.sa and k.edu.sa; each is a separate forest.

I have established a 2-way forest trust and done all necessary DNS forwarding etc.; nslookup is working both ways with FQDN and NetBIOS.

I can browse objects from D domain in K domain, but when I select I get:

the active directory domain controller required to find the selected objects in the following domains are not available :

d.edu.sa
ensure the active directory domain controller are available and try again

I have queried port 389 and everything seems to be in place. What on earth could be the problem?

Note: when creating the trust I had to do it from each domain.

I have been chasing my tail for two weeks now and have tried almost everything in the tech blogs I came across.

Can anyone help? Please note that I have done all the homework including the firewall, and the network between the 2 is fine. What on earth could be the issue!!

Need to Raise domain and Forest functional level.


Hi

We have a Windows 2008 R2 Active Directory server, a 2008 R2 Additional DC, an RODC and 2008 R2 Terminal Servers in our office.

We plan to migrate to the 2016 server version, and when we checked our Active Directory server functional level we found it as below



Also the Forest functional level also Windows server 2003 only.

Now we want to raise both the Domain and Forest functional levels to 2008 R2. Please advise me how to do that.

Also, I would like to know whether migration to the 2016 version is better after doing this.

Thanks

Krishna

Changing password option is greyed out after joining the machine to the domain


Hi

I want to allow my users to change their password once they have logged into the server.

The changing password option is available when I log into the machine using a local account but after I join the machine to the domain and log in with a domain user, the password change option is greyed out.

It is a new Active Directory I built recently and there are no group policies applied.

I want to know how to enable the password change option for the users.

Option greyed out:
